apt.phps

<!--
// apt.php
// A simple and very useless script for testing a user input string as password for all users in a tbsource-database.
// hellfairy - http://packy.se/
-->
<html>
<head>
<title>APT - Awesome Password Tester</title>
<style>
    #body { padding: 20px; }
    #head { font-style: Verdana,sans-seriff; font-size: 11pt; }
    #main { padding: 10px; }
</style>
</head>
<body>

<div id="body">

<div id="head">
    Enter password to check for:
    <form method="get" action="<?=$_SERVER['PHP_SELF']?>">
    <input type="text" size="20" name="q" value=<?=$_GET['q']?>>
    <input type="submit" value="Query">
    </form>
</div>

<div id="main">
    <pre>
<?
require('/home/erik/public_html/roundbytes.php');
$users = 0;
if(!empty($_GET['q']))
{
  mysql_connect('localhost','user','password') or die(mysql_error());
  mysql_select_db('database') or die(mysql_error());
  $res = mysql_query('select username,id,class,secret,passhash,downloaded,uploaded from users order by id asc') or die(mysql_error());
  $numusers = mysql_num_rows($res);
  if($numusers > 0)
  {
    echo str_pad('Username',20).str_pad('Password',20).str_pad('Downloaded',12).str_pad('Uploaded',12).str_pad('Class',8)."\n";
    while($data = mysql_fetch_assoc($res))
    {
      if(md5($data['secret'].$_GET['q'].$data['secret']) == $data['passhash'])
      {
        echo str_pad($data['username'], 20).str_pad($_GET['q'],20).str_pad(roundbytes($data['downloaded']),12).str_pad(roundbytes($data['uploaded']),12).str_pad($data['class'],8)."\n";
        $users++;
        continue;
      }
    }
    if($users == 0)
    {
      echo "No users found with that password.";
    } else
    {
      echo "Total users found: ".$users."/".$numusers." (".round($users/$numusers,6)."%)\n";
    }
  } else
  {
    echo "No users in the database!\n";
  }
}
?>
    </pre>
</div>

</div>

</body>
</html>